Category Archives: VoIP

Everything related to VoIP Technology, PBX, FreePBX, Asterisk, Sonus, FreeSwitch, Fusion, 3CX, Bria, Teams

3- Migrate Users from Skype for Business 2015 to Teams

 

Hybrid Integration

In my last post about Skype for Business / Office 365 Skype for Business Online/Teams migration article I discussed the steps of how to create a hybrid environment between Skype for Business on-premises and went through the troubleshooting of each issue I have been through. In this article I am going to discuss the migration of users from on-premises to the cloud through UI and PowerShell.

Migrating users

This article will assume that you are planning to migrate users from Skype for Business Frontend 2015 Server and that you already have a hybrid configuration in place. If so then you’re going to fulfill the following prerequisites:

To check the currently installed PowerShell run the following cmdlet

$PSVersionTable

clip_image001

After you Download and install PowerShell 5.1 you might need to restart the server. In which case the PowerShell will show that it is updated to the required version.

image

After Installing the Skype Online Connector Module, We will be able to connect right after launching PowerShell

To do so type:

Import-Module SkypeOnlineConnector

image

Connecting to Office 365 (Teams Online or Skype for Business Online)

The process of connecting to Office 365 Online PowerShell sounds easy but with MFA enforced in your environment you’ll have a nightmare mix of errors when you try so.

I have came through a lot of errors trying to force the use of PowerShell with MFA user authentication but eventually came to realize that Microsoft still does not support MFA for some cmdlets like Move-CsUser for instance.

So In short, to connect you’ll need to have a global or Teams admin user with MFA disabled to do so.

To create a new Skype Online Session enter:

– Make sure you start the regular PowerShell as admin and not Skype for Business Management Shell.

If you run these commands from SfB Management Shell you’ll get an error

image

So first, We will import the Skype Online connector Module

Import-Module SkypeOnlineConnector

image

Then get the OverRidePowershell URI using the command:

Get-CsOnlinePowerShellEndPoint

image

 

Next, We will connect and authenticate to our tenant using the following cmdlet

$sfbsess = New-CsOnlineSession -Username User@domain.onmicrosoft.com -OverRidePowerShellUri https://admin4a.online.lync.com/OcsPowershellOAuth –Verbose

image

Moving Users to Teams

To Move users to Office 365, You need to first provide credentials of the User with MFA disabled and then use the command Move-CsUser

An Example:

$Creds = Get-Credential

image

Moving User

Move-CsUser –Identity user@domain.com –target “sipfed.online.lync.com” –hostedMigrationOverRideUri https://admin4a.online.lync.com/HostedMigration/hostedmigrationservice.svc –ProxyPool “YourFEPool.Domain.local” –Credential $Creds

image

Let’s check the status of the migrated user, The hosting provider attribute is what we care about as it tells us where the user is homed at.

image

 

Checking the user from Teams Portal

Users seems to be licensed, online and can now login using the Microsoft Teams app.

image

Bulk Enable Users and assign Tel URI numbers to them

In case you have a big number of users that you want to enable them online

# Please provide your O365 admin credential

$creds = Get-Credential

-PSSession (New-CsOnlineSession $cred) -AllowClobber

$csv = Import-csv “C:\Users\Mohammed\users.csv”

ForEach ($user in $csv) {

Write-host now enabling $user.alias

Move-CsUser –Identity $user.alias –target “sipfed.online.lync.com” –hostedMigrationOverRideUri https://admin4a.online.lync.com/HostedMigration/hostedmigrationservice.svc –ProxyPool “YourFEPool.Domain.local” –Credential $creds

}

The CSV File will look like this

Alias

user@domain.com

user2@domain.com

 

Moving User back to On-premises (From Office 365 to SfB 2015 )

On Frontend Server Launch PowerShell as Administrator then:

A- Import-Module MicrosoftTeams

B- Connect-MicrosoftTeams

After you connect you’ll get the following result:

Now that you’re connected to your tenant, Try to create a Skype for Business session with the following commands

C- $sfbsession = New-CsOnlineSession

D- Import-PsSession $Sfbsession

You should get the following result

Type the following command to move the user back to On-premises environment:

Now last and most important note is that since I am using Skype for Business 2015 Server, I have to use the parameter -UseOAuth which uses modern authentication.

Move-csuser -Identity User@domain.com -target PoolHostname.Domain.Local -UseOAuth -Verbose

This should get it to work finally

 

Errors you might face

Error 1:

When you have your on-premises user enabled for dialin you will probably get the following error if you try to migrate them to Skype for Business online or teams.

Move-Csuser :: HostedMisrat ion fault: Error=(511), Description=(The user could not be moved because he or she is enabled for dial-in conferencing on-premises, but has not been an assigned an Audio Conferencing license in Office 365. Users must be licensed before they can be moved to Teams or Skype for Business Online.)

If you are sure do want to use migrate this user without an Audio Conferencing license, specify the

“BypassAudioConferencingCheck” switch. ) At line: 1 char: 1

clip_image001[4]

The Solution is to either provide an audio conferencing license  or as it is showing in the error itself as it says use the switch -BypassAudioConferencingCheck to ignore that.

Error 2:

When trying to import the session, I got the following error

the runspace state is not valid for this operation for PowerShell Online.

clip_image001[6]

Solution: To overcome this problem you’ll need to use the overridePowershellUri Parameter in the New-CsOnlineSession in order to connect to Skype online powershell.

To get your tenant’s PowerShell URI use the cmdlet Get-CsOnlinePowerShellEndPoint

What you need to use is the AbsoluteUri

clip_image001[8]

Error 3:

When you try to import the SkypeOnlineConnector module and then run the New-CsOnlineSession cmdlet from Skype for Business Management Shell you’ll get the following error after authenticating.

Sign in

Sorry, but we’re having trouble signing you in.

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: ‘7716031e-6f8b-45a4-b82b-922b1af0fbb4’. More details: Reply address did not match because of case sensitivity.

Troubleshooting details

If you contact your administrator, send this info to them.
Copy info to clipboard  
  
Request Id:  f0f97265-4669-4e4f-bcf7-609469e92f00
 
Correlation Id:  829c8a2b-f697-416f-bfa6-4a794a229a13

Timestamp:  2021-01-10T23:00:10Z
 
Message:  AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: ‘7716031e-6f8b-45a4-b82b-922b1af0fbb4’. More details: Reply address did not match because of case sensitivity.
     

Advanced diagnostics: Disable
  
If you plan on getting support for an issue, turn this on and try to reproduce the error. This will collect additional information that will help troubleshoot the issue.

image

Solution:

Run the cmdlets from Windows PowerShell as admin not Skype for Business Management shell.

Error 4 

Get-CsOnlinePowerShellAccessInformation : Unable to get response from https://admin4a.online.lync.com/OcsPowershellOAuth.
At C:\Program Files\Common Files\Skype for Business Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:160 char:20
+ … pAuthInfo = Get-CsOnlinePowerShellAccessInformation -PowerShellEndpoi …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-CsOnlinePowerShellAccessInformation], Exception
+ FullyQualifiedErrorId : System.Exception,Microsoft.Rtc.Management.OnlineConnector.GetPowerShellAccessInformationCmdlet

Error 5

Move-CsUser
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is “Y”): y
move-csuser : The underlying connection was closed: An unexpected error occurred on a send.
At line:1 char:1
+ move-csuser -identity user@domain.com -target D2-POOL01.clou …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (CN=user …domain,DC=net:OCSADUser) [Move-CsUser], WebException
+ FullyQualifiedErrorId : MoveError,Microsoft.Rtc.Management.AD.Cmdlets.MoveOcsUserCmdlet

Solution:

1- Make sure you have the proper Powershell version.

2- Make sure you enable TLS1.2 as default, for a quick solution use this PowerShell script 

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

3- Use MFA enabled account by following these steps to login and move user.

A- Import-Module MicrosoftTeams

B- Connect-MicrosoftTeams

After you connect you’ll get the following result:

Now that you’re connected to your tenant, Try to create a Skype for Business session with the following commands

C- $sfbsession = New-CsOnlineSession

D- Import-PsSession $Sfbsession

You should get the following result

Now last and most important note is that since I am using Skype for Business 2015 Server, I have to use the parameter -UseOAuth which uses modern authentication.

This should get it to work finally

References:

https://docs.microsoft.com/en-us/microsoftteams/upgrade-to-teams-on-prem-overview

https://social.technet.microsoft.com/wiki/contents/articles/34339.skype-for-business-online-enable-your-tenant-for-modern-authentication.aspx

https://docs.microsoft.com/en-us/skypeforbusiness/hybrid/move-users-from-on-premises-to-skype-for-business-online

https://docs.microsoft.com/en-us/microsoftteams/teams-powershell-install

https://docs.microsoft.com/en-us/skypeforbusiness/troubleshoot/hybrid-move-sfb-online/move-csuser-hostedmigration-fault-507

https://docs.microsoft.com/en-us/powershell/module/skype/move-csuser?view=skype-ps

error when Installing Nuget module for Microsoft Teams integration

Story

I got a client requesting to integrate Skype for Business 2015 with Microsoft Teams. Skype for Business 2015 is installed on Windows Server 2012 R2 which has PowerShell 4.0

I already installed PowerShell 5.1 and restarted the server in question.

When I tried to install the Microsoft Teams PowerShell Module to integrate Skype for Business with Teams I got the following error:

image

Error

PS C:\Users\Admin> Install-Module MicrosoftTeams

NuGet provider is required to continue
PowerShellGet requires NuGet provider version ‘2.8.5.201’ or newer to interact with NuGet-based repositories. The NuGet
  provider must be available in ‘C:\Program Files\PackageManagement\ProviderAssemblies’ or
‘C:\Users\Admin\AppData\Local\PackageManagement\ProviderAssemblies’
. You can also install the
NuGet provider by running ‘Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force’. Do you want
PowerShellGet to install and import the NuGet provider now?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is “Y”): y
WARNING: Unable to download from URI ‘https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409′ to ”.
WARNING: Unable to download the list of available providers. Check your internet connection.
PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider
‘NuGet’. The package provider requires ‘PackageManagement’ and ‘Provider’ tags. Please check if the specified package
has the tags.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21
+ …     $null = PackageManagement\Install-PackageProvider -Name $script:N …
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : InvalidArgument: (Microsoft.Power…PackageProvider:InstallPackageProvider) [Install-Pac
    kageProvider], Exception
     + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro
    vider

PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name
‘NuGet’. Try ‘Get-PackageProvider -ListAvailable’ to see if the provider exists on the system.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7411 char:21
+ …     $null = PackageManagement\Import-PackageProvider -Name $script:Nu …
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : InvalidData: (NuGet:String) [Import-PackageProvider], Exception
     + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProv
    ider

More Details:

Although I have PowerShell 5.1 module installed but still it seems problems wont go away. It’s part of Microsoft’s main requirement to have Windows PowerShell 5.1 and to import the Microsoft Teams Module for an easy installation and integration with Teams as it leverages the Module MicrosoftTeams to make things easy.

When looking at the details of the error, it seems as if PowerShell is trying to connect to a particular link to download and install the NuGet Provider which is part of installing the MicrosoftTeams Module.

The error below can be noticed to be the cause.

image

Resolution:

After doing some digging it turns out that since April 2020 Microsoft has disabled the use of TLS Version 1.0 and 1.1 so people who are working on old Windows Server edition or any application servers that utilize these protocols will now have to force PowerShell or any other app to use the TLS 1.2 Version.

In order to fix this, You will need to run the following Script on your PowerShell as an Admin

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

See the announcement here:

https://docs.microsoft.com/en-us/powershell/scripting/gallery/installing-psget?view=powershell-7.1

After running this script, I was able to install NuGet and run the installation of MicrosoftTeams PowerShell Module

image

Hope this helps

Deleting Old Skype for Business or Lync server from ADSI

The story

I had a project few weeks ago where my client wanted to install Skype for Business 2019 but had installed Lync before and removed the server without doing proper decommissioning which kept dirty records in AD database and had to be removed manually in order to make a new clean installation of Skype for Business 2019

To do so:

There are two days of doing so, One is using ADSIEdit and ADUC to remove Computer Objects and Users related attributes and Security Groups.

I normally would prefer PowerShell but since we can demonstrate both ways for people who like to work with GUI

Starting with GUI

Removing Legacy Lync server from the AD Schema

Prerequisites

  1. Using a domain or enterprise admin
  2. Access to the ADSIEdit.

Goal of removing Legacy Lync server from your AD environment.

  1. Preparing AD schema and domain for a new deployment after you improperly deleted Lync Servers without uninstalling them.
  2. Cleaning Users’ Lync related attributes for the new deployment.

clip_image001

clip_image002

Step#1: Remove permissions

This step removes the original Lync permissions from the active director.

  1. Open Active Directory Users and Computers
  2. Right click on your top level domain being cleaned and select Properties
  3. From the Properties windows, select the Security tab.
  4. Remove all security users titled RTC*
    These are usually
    – RTCUniversalServerReadOnlyGroup
    – RTCUniversalUserReadOnlyGroup
    – RTCUniversalUniversalServices
    – RTCUniversalUserAdmins

From <http://blog.armgasys.com/?p=320>

clip_image003

clip_image004

  1. Repeat the same steps for each of the following AD Folders and

    OUs
    NOTE: Not all RTC permissions will exist in each AD Folder or OU, but these three OUs do:
    – Domain Controllers
    – System
    – Users

Domain Controllers

clip_image005

Systems

clip_image006

Users

clip_image007

Step#3: Additional AD cleanup

  1. Open Active Directory Users and Computers
  2. Drill down as follows
    [Your Domain] \ Program Data \ Distributed \ KeyMan
  3. Delete LyncCertificates
    NOTE: This may not exist in all scenarios.
  4. Drill down as follows
    [Your Domain] Users
  5. Delete all RTC* and CS* users created by Lync
    I.E. CSAdministrator, CSHelpDesk, RTCComponentUniversalServices, Etc.

image

Deleting users from the User OU

clip_image001[6]

Deleting CS Users

clip_image002[4]

Step#4: Cleanup existing users

This steps resets Lync attributes for any domain users and contacts.

image

The Second way: Using PowerShell

get-aduser -filter {msRTCSIP-PrimaryUserAddress -like “*”}|set-aduser -clear msRTCSIP-PrimaryUserAddress,msRTCSIP-PrimaryHomeServer,msRTCSIP-UserEnabled,msRTCSIP-OptionFlags,msRTCSIP-UserPolicies, msRTCSIP-DeploymentLocator, msRTCSIP-FederationEnabled, msRTCSIP-InternetAccessEnabled

Result:

Users attribute are clean and AD has nothing left over of Previous installation of Lync or Skype for Business .

clip_image001[8]

Lync Front end event ID 32178

The Issue: Replication problem occurs between Frontend Servers and Edge

If you look at the Eventviewer you might find the following error when you have finished deploying Edge or Frontend Server.

Error:

Failed to sync data for Routing group {563F57A3-0AC1-560A-91B4-74ACDECB2683} from backup store.

Cause: This may indicate a problem with connectivity to backup database or some unknown product issue.

Resolution:

Ensure that connectivity to backup database is proper. If the error persists, please contact product support with server traces.

clip_image001

This error happens when you mistakenly import a certificate that’s not self-signed into the Local computer’s trusted authority store.

To fix this issue you will have to use the following powershell cmdlet on all the servers that are showing the error
  • Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File “c:\computer_filtered.txt”
  • Then type the command
  • Notepad C:\computer_filtered.txt
  • The command will open notepad file with the certificates details in it.
  • Take a note of all certificate’s thumb print number and open your MMC console
  • Click File -> add the Certificate then choose Local computer
  • Navigate to “Trusted Root Certification Authority” store

clip_image002

Check the certificate that their thumb print were shown in the Txt file and remove to the Intermediate Certification authority store.

If you have many certificates in the Trusted root store, you can manage the view and choose “Issued by” and then click on the certificate that the “Issued to” and “Issued by” do not match

clip_image003

double click on it then choose the thumbprint section and try to see if this thumbprint value matches the one in the text and move it to the intermediate store.

clip_image004

When you finish, you must restart the servers one by one in order to resolve this issue and then you will notice that the error is gone and that services are back to normal state

clip_image005

http://support.microsoft.com/kb/2795828

Lync common issues

Publishing Topology on Frontend

Some of the issues that might face you while you’re deploying Skype for Business/Lync is something that might be stuck within AD.

A previous installation that was not properly cleaned could result in a failure of publishing the Topology.

Here is one issue that I had while deploying one for one of my clients.

Issue

Enable-CsTopology : Multiple Active Directory entries were found for type “ms-RTC-SIP-EdgeProxy” with ID in a multiple Domain Environment

Active Directory Issue?

Enable-CsTopology : Multiple Active Directory entries were found for type “ms-RTC-SIP-EdgeProxy” with ID

“lyncedge.domain.local”.

At line:1 char:1

+ Enable-CsTopology

+ ~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidData: (:SourceCollection) [Enable-CsTopology], InvalidDataException

+ FullyQualifiedErrorId : DuplicateADEntry,Microsoft.Rtc.Management.Deployment.ActivateTopologyCmdlet

clip_image001

clip_image002

clip_image003

Solution:
  • Open ADSIEDIT and look in the following snapshot. Open Configuration for your DC
  • Collapse the menu and click on Services
  • Click on RTC Service
  • Click on Global Settings and on the right pane look if there’s any duplicated entries and remove them.
  • As you can see on my right pane I have 2 duplicated (msRTCSIP-EdgeProxy) and I’m going to remove one of them and see if I can publish my topology or not. But before that I will have to make sure that I export the entry that I wanna delete.

clip_image004

I right clicked on the last value and deleted it and here how it became now.

clip_image005

Now I will try to publish my topology and see what happens, my topology publishing failed with a new error this time.

clip_image006

I will have to go and check where’s this coming from, since it mentions TrustedService. I will go look in the trusted service

This is not going to be easy, as you need to becareful where you look .. You will need to make sure that you’re looking at the right FQDN

clip_image007

Here I could find the value MRAS for the FQDN Edge server

So I looked here and found 2 identical entries with a different (CN) if you scroll down you will see that the GruuId is the same, FQDN is the same, port is the same.

clip_image008

clip_image009

Let’s delete one of them and see again if we can publish our topology, So I deleted the one that starts with {b344}

I will do this using the Lync Powershell, you can see below that the Topology was published successfully.

clip_image010

To resolve the warning you will have to issue the cmdlet Enable-CsAdForest after the Enable-CsTopology

clip_image011

2- SKYPE FOR BUSINESS EDGE SERVER DEPLOYMENT AND HYBRID INTEGRATION WITH SKYPE FOR BUSINESS ONLINE

Skype for Business Edge server deployment and Hybrid integration with Skype for Business Online

In the last Skype for Business post I have upgraded my Lync 2013 to Skype for Business (Click here to go to that post). in this article I am going to install Edge server for Skype for Business to the same Lync Environment where I have done the Upgrade to Skype for Business.

Configuring Edge Server

Setup NETBIOS

In order to configure Skype 4 Business Edge, we’ll have to change the Netbios to give it the name of our Domain but we won’t join it to the domain.

clip_image001[8]

clip_image002[8]

Setup NICs

Edge Server must have 2 NICs, one Local NIC will point out to the Front end server but must not have Default gateway so traffic can only flow through the DMZ out to the internet and back in. but still it must be able to ping to the FE from Edge and vice versa.

The DMZ network could have a single DMZ address (Public Address to be pointing to) or three DMZ addresses for public IP addresses with standard https ports.

clip_image003[8]

clip_image004[8]

Configure Hostnames

Edit the Edge server’s host file to include Lync FE and DC’s IP addresses and Hostname

image

Install Prerequisites

  • Microsoft .Net Framework 3.5
clip_image001[10]

Now I will go back to Skype for Business FE server, I’ll launch the topology builder and add new Edge server

I will add the first Edge pool which contains of a single Edge server

clip_image002[10]

Next, you will have to choose if you want to enable federation with partners or other service providers …e.g. (Google)

clip_image003[10]

I am intending to use a single Public IP address with a different ports (nonstandard) since this is a lab. For production use it’s recommended to have 3 public IP addresses, One is for Access Edge, AV and WebConf services.

clip_image004[10]

Next I will choose the last option which says that the Edge pool is translated by NAT. I will configure my firewall to NAT ports to the Edge’s DMZ IP addresses from the Public so I am choosing this option.

clip_image005[8]

clip_image006[8]

This is the FQDN’s the default configuration .. It’ll only use a single FQDN for all services if you’re going to use a single public IP address with a different ports.

IMPORTANT NOTE

When you use a single IP address with a different ports, the Access Edge port will normally change to 5061 (Not 443 like in the _sip._tls.domain.com) SRV record which will cause failure if you forgot to change this port to match the one in your Topology’s Access Edge settings.

Next I’ll have to enter my Edge server’s Local IP address.

clip_image007[8]

Next I will be asked to enter the DMZ’s IP address which the wizard calls (Private External IP address)

clip_image001[12]

Here I am going to place the NAT IP address which is my Public IP address.

clip_image002[12]

Next I’ll have to choose which Lync FE pool will be used as the next hop to the Edge pool. In this case I’ll be choosing my main pool since the second is only for resilience purpose.

clip_image003[12]

Then I’ll associate the mediation pool for Edge server for external media traffic. I can assign both in this case.

clip_image004[12]

Now I’ll click on Finish and right click on the Site name’s properties to enable the SIP federation and XMPP federation then Publish the topology.

clip_image005[10]

clip_image006[10]

clip_image007[10]

clip_image008[10]

Now I will setup Azure Active Directory Sync on my DC server in order to sync the required users for the test purpose.

My domain is adeo.local so I want to change the UPN for users to match the synced domain. (Adeo-office365.ga) and moh10ly.com

clip_image009[8]

Installing Azure Active Directory Sync

Now I will install the prerequisites which consist of the following

clip_image010[8]

Net framework 4.5.2 is required for AADS but it’s already installed on my server

clip_image011[8]

Next I will install Microsoft Online Service Sign in assistant

clip_image012[8]

Next I will install Azure AD Module

clip_image001[14]

Finally Azure AD Sync

clip_image002[14]

Before moving forward, I’ll have to go to the Office 365 portal and activate DirSync

clip_image003[14]

Then use a global admin credentials from O365.

clip_image004[14]

Adding the forest using an enterprise admin user account

clip_image005[12]

clip_image006[12]

Due to the fact that my domain adeo-office365.ga’s public dns host doesn’t have SRV configuration because it’s hosted by the famous free domain service (Freenom) so I’ll have to add my original domain moh10ly.com as Lync (S4B) requires SRV records to point to the on-premises lync.

clip_image007[12]

clip_image008[12]

clip_image001[16]

clip_image002[16]

clip_image003[16]

I will only sync one OU, so I will untick the Sync now box and click on Finish

clip_image004[16]

I will go to the following path

“C:\Program Files\Microsoft Azure AD Sync\UIShell” and create a shortcut for the GUI application of AADS on the desktop

“C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe”

clip_image005[14]

To get this GUI app to work, you will have to sign out of your account and sign back in as your username will be added to the local administrators and have the authority to open it

Log off, log back in

clip_image006[14]

Next I will go to the connectors tab and double click on the ADDS connector (Adeo.local)

clip_image007[14]

I will go to the Configure Directory Partitions and under Credentials I’ll choose “Alternate credentials for this directory partition” then enter my on-premises AD Enterprise admin credentials

clip_image008[14]

I’ll click on Containers

clip_image001[18]

I’ll untick the DC=Adeo,Dc=Local box and only choose Dirsync OU then click OK and apply

clip_image002[18]

Before I start syncing my AD , I will go to Skype for Business Server and add my domain moh10ly.com as a SIP domain

clip_image003[18]

Next I am going to change the FQDN of the SIP access edge for public domain to moh10ly.com and the default port for the Access Edge to 443 and publish the topology

clip_image004[18]

clip_image005[16]

I needed to finally check if all my FE servers are replicating. So then I can move to Edge server to install Lync components

clip_image006[16]

On the Edge server, I’ll use ISO for Skype 4 business to install the setup

clip_image007[16]

clip_image008[16]

First thing I’ll install the local Configuration Store

I’ll click on Run and then I’ll be asked to import the configuration file which I’ll must export from Lync FE (Skype 4 b FE) server

clip_image009[10]

In this case, I’ll go to Lync FE and open Lync Management shell and enter the following Cmdlet

Export-CsConfiguration -FileName c:\top.zip

clip_image010[10]

This cmdlet will export a file to the root C drive . I’ll copy this file to the edge server.

clip_image011[10]

I’ll click next to continue, this should start installing the local store

clip_image012[10]

clip_image013[8]

clip_image014[8]

Next I’ll request a certificate for Internal NIC For edge server

clip_image015[8]

clip_image016[8]

clip_image017[8]

Configure Certificate

I’ll take the CSR (Certificate sign request) code and get a certificate from my local CA

clip_image018[8]

I’ll open MMC and add Certificates console and import the PKCS certificate

clip_image001[20]

clip_image002[20]

After importing the certificate I’ll assign it to the internal NIC by clicking on Assign to the Edge Internal

clip_image003[20]

clip_image004[20]

clip_image005[18]

clip_image006[18]

Once we assign the certfiicate to the internal edge. The replication service for Edge and FE will start working

clip_image007[18]

Now I’ll import my Public Certificate to Edge Server’s DMZ NIC

I already imported my public certificate, now I’ll go to the S4B wizard and assign it there

clip_image008[18]

clip_image009[12]

Unlike IN lync 2013 when you Click on Start service in the Wizard all services start on their own but on Skype for business you ‘ll have to start the services manually by yourself.

clip_image010[12]

So Instead I used the service console to start the services.

Now I’ll go back to the FE And enable remote connectivity to Skype for Business from outside and make sure that replication works fine by checking the Topology or from cmdlet

clip_image011[12]

clip_image012[12]


After the replication is finished, I was able to login remotely with my Skype for Business on-premises accounts.

Setting up Hybrid integration with Skype online for Business (O365)

https://technet.microsoft.com/en-us/library/jj205126.aspx

https://technet.microsoft.com/en-us/library/jj204669.aspx

In order to allow Hybrid environment to function properly, we’ll have to federate our Skype for Business on-premises’s Edge server as Microsoft says below

Federation allows users in your on-premises deployment to communicate with Office 365 users in your organization. To configure federation, run the following cmdlets in the Skype for Business Server Management Shell:

From <https://technet.microsoft.com/en-us/library/jj205126.aspx>

On the front end server, we’ll run the following CMDlet

Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -UseDnsSrvRouting -EnablePartnerDiscovery $true

clip_image014[10]

Next cmdlet will create a new public federated provider for skype for business online.. However it already exists by default as in the below snapshot but just to avoid any issues I will delete the default provider from control panel and recreate it again. 

clip_image015[10]

I’ll delete the hosted provider “Skype for Business Online”

clip_image016[10]

I’ll try the cmdlet again after deleting the provider ..

New-CSHostingProvider -Identity SkypeforBusinessOnline -ProxyFqdn “sipfed.online.lync.com” -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

clip_image017[10]

Since it worked already, I will go back to the control panel and make sure it is enabled

clip_image018[10]

Next is : Configure your Skype for Business Online tenant for a shared SIP address space

Note:

To configure a shared SIP address space, establish a remote PowerShell session with Skype for Business Online, and then run the following cmdlet:

We’ll have to download skype for business online powershell

https://onedrive.live.com/redir?resid=82488EABA4ACDB15!38849&authkey=!AKW6Ln4Rkn6QuUI&ithint=file%2cexe

After launching the PowerShell module as an administrator I’ll run the following cmdlet

Import-Module SkypeOnlineConnector

clip_image019[8]

Now I’ll connect to my Office 365 tenant

clip_image020[8]

$cred = Get-Credential

$CSSession = New-CsOnlineSession -Credential $cred

Import-PSSession $CSSession -AllowClobber

clip_image021[8]

Now I’ll configure the shared sip address

Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true

From <https://technet.microsoft.com/en-us/library/jj205126.aspx>

clip_image001[22]

To double check my configuration I will see if the SharedSipAddresSpace is enabled or not

Get-CsTenantFederationConfiguration

clip_image002[22]

To double check that the hybrid configuration is setup properly we can use the Skype for business on-premises Hybrid UI wizard from the Home Menu under “Connection to Skype for Business Online”

clip_image003[22]

Using the Skype for Business 2015 User interface to setup Hybrid configuration:

After you sign in it does automatically logs you in and configure the three following options

  1. Federation for the Edge server
  2. Federation with Office 365.
  3. Shared SIP address space.
clip_image004[22]

clip_image005[20]

Now I will configure my DNS Settings as recommended by Microsoft for the Hybrid Integration scenario

DNS Settings

When creating DNS SRV records for hybrid deployments, the records, _sipfederationtls._tcp.<domain> and _sip._tls.<domain>, should point to the on-premises Access Proxy.

From <https://technet.microsoft.com/en-us/library/jj205403.aspx>

  1. Update some DNS records to direct all SIP traffic to Skype for Business on-premises:
  • The lyncdiscover.contoso.com A record to point to the FQDN of the on-premises reverse proxy server.
  • Update the _sip._tls.contoso.com SRV record to resolve to the public IP or VIP address of the Access Edge service of Skype for Business on-premises.
  • Update the _sipfederationtls._tcp.contoso.com SRV record to resolve to the public IP or VIP address of the Access Edge service of Skype for Business on-premises.
  • If your organization uses split DNS (sometimes called “split-brain DNS”), make sure that users resolving names through the internal DNS zone are directed to the Front End Pool.

From <https://support.office.com/en-us/article/Configure-Skype-for-Business-Server-2015-Hybrid-b06ee805-4349-4519-82fb-b06ed57c0bd0>

According to Microsoft’s configuration of the Public DNS, you will have to configure only the SRV records to point to your edge server however, running a simple wireshark on your Skype for business client machine you can notice the following:

clip_image006[20]

Microsoft Lync / Skype client first requires the Lyncdiscover / Lyncdiscoverinternal record in order to see where the user is located… then gets redirected to webdir.online.lync.com which is the Cname value to the Lyncdiscover Cname in the public DNS and tries to login the user through Login.microsoftonline.com then finds no user there and logs in using the SRV eventually in the end as in the below snapshot which I’ve used Wireshark for to monitor the DNS traffic that the Lync Client requests upon login request.

clip_image007[20]

NOTE:

What have me confused here is that Microsoft says only SRV records must be pointing to your On-premises Lync/Skype for Business Edge server.. So you must enter something else other than SIP.domain.com (Which in normal cases might be the common name of your Edge certificate) for the value of the SRV Record since the SIP.domain.com and Lyncdiscover.domain.com must be pointing to Office 365.

I tried using the Public IP address of my Edge server just to check if my on-premises user will connect without any issue however I did have an issue with the Certificate saying “There was a problem verifying the certificate from the server”.

clip_image008[20]

Error:

Luckily the Public certificate that I had on my edge server had multiple SANs (Subject Alternative Names) and one of them was WAC.moh10ly.com which I was intending to use for the WAC Server (Office Web Apps Server) and then I created an A record on my public DNS WAC.moh10ly.com that points to my Edge server’s Public IP address…. although the Wac.moh10ly.com is not a common name but it worked and I was able to federate with Office 365 users and was able to move users from on-premises to office 365 and back to on-premises as demonstrated later in the article.

“When creating DNS SRV records for hybrid deployments, the records, _sipfederationtls._tcp.<domain> and _sip._tls.<domain>, should point to the on-premises Access Proxy.”

From <https://support.office.com/en-us/article/Configure-Skype-for-Business-Server-2015-Hybrid-b06ee805-4349-4519-82fb-b06ed57c0bd0>

clip_image009[14]

Now I have changed all the SRV records to direct to the new A record

clip_image010[14]

And finally deleted the A sip record and created a new CNAME record that points to sipdir.online.lync.com

clip_image011[14]

clip_image012[14]

I have already a user synced from my local AD to the cloud (office 365) that’s not enabled for Skype for business on-premises .. Once this user is synced and have been assigned a license it should be directly enabled for Skype for Business Online and I should be able to sign in to it without any issue.

Note:

In order for both users (homed online and On-premises) to see eachother’s presence the synced user must be enabled on the On-premises Server before moved to the cloud or else the presence and M will fail.

Time to test, I was able to sign in to the Online homed user (admin) and now I’ll be adding the on-premises homed user to the list to check the presence, IM ..etc

clip_image001[24]

Here I added the user admin to my other account Mohammed.hamada and vice versa.

clip_image002[24]

The Presence appears to be working fine for user homed on-premises as it shows when I changed it to “busy, be right back..etc” on the cloud user’s Client however the Office 365 homed user’s presence takes time to change on the on-premises user’s list and the IM doesn’t seem to work properly as messages sometimes doesn’t go through and fail.

Sending a message from the on-premises User (Mohammed Hamada) to (ADMIN)

clip_image003[24]

Now sending an IM from Admin to Mohammed Hamada

clip_image004[24]

To make sure that the issue is not within my on-premises server, I will use a different Skype for Business online account and see if IM work both ways.

This is my other user.. The presence information seems to work properly and now I’ll test the IM

clip_image005[22]

IM between my On-premises and another user on another Office 365 tenant seems to be working fine back and forth as in the below snapshots so the issue might be related to Office 365 tenant which I am using for this test (could be related to trial version)

I am going to open a case with MS and see why this issue happens since my on-premises work fine with other tenants.

clip_image006[22]

clip_image007[22]

Now It’s time to move users from and to cloud and on-premises to check how easy, flexible or hard this process is.

I currently have 2 users, one on cloud and one synced and homed online (Office 365)

clip_image008[22]

In order to move users, you can go to Users tab after the hybrid config is finished and find the user you want to move then click on Actions and chose to move the users to the Skype for Business Online as in the below snapshot

Note:

Before you move the user to Office 365, you must assign license to the user or else the move will fail.

clip_image009[16]

clip_image010[16]

clip_image011[16]

clip_image012[16]

clip_image013[12]

You can move the user back from Office 365 to your on-premises Skype for Business server with the same process exactly except that you’ll have to choose which pool you need to move the user to.

Checking where the user is hosted from Skype for business Management shell

The Hosting Provider will show you where the user is working from now.

clip_image014[12]

clip_image015[12]

clip_image016[12]

Hope this has been helpful

References:

https://technet.microsoft.com/en-us/library/jj204967.aspx

https://technet.microsoft.com/en-us/library/jj205403.aspx

https://technet.microsoft.com/en-us/library/jj205126.aspx

https://technet.microsoft.com/en-us/library/jj204669.aspx

https://support.office.com/en-us/article/Configure-Skype-for-Business-Server-2015-Hybrid-b06ee805-4349-4519-82fb-b06ed57c0bd0

https://channel9.msdn.com/Events/Ignite/2015/BRK4129

1- IN-PLACE UPGRADE FROM LYNC 2013 TO SKYPE FOR BUSINESS STEP BY STEP GUIDE

This article guides you through the steps of doing an in-place upgrade from Lync 2013 to Skype for business. I am copying the article as is from my lab with all the errors that I have been through to give you a real experience feed back of what is this like.

You might get issues that you have never expected, but resolving them is not that hard and if you have any issues please don’t hesitate to leave a comment and I will get back to help you.

Prerequisites

Extensible Chat Communication Over SIP protocol (XCCOS)

From <https://technet.microsoft.com/en-us/library/dn951390.aspx>

References:

https://technet.microsoft.com/en-us/library/dn951371.aspx?f=255&MSPPError=-2147217396

https://technet.microsoft.com/en-us/library/dn933900.aspx

Lync CU 5

https://www.microsoft.com/en-us/download/details.aspx?id=36820

Kb2533623 Windows Server 2008 R2

http://support.microsoft.com/kb/2533623

Kb2858668 Windows Server 2012

http://support.microsoft.com/kb/2858668

KB2982006 Windows Server 2012 R2

https://onedrive.live.com/redir?resid=82488EABA4ACDB15!38654&authkey=!AE9IJKbMPtkge8U&ithint=file%2cexe

SQL 2012 SP2 for Express version

https://www.microsoft.com/en-us/download/details.aspx?id=43351

clip_image001

Prerequisite not satisfied: Internet Information Services (IIS) must be installed before attempting to install this product.

Prerequisite not satisfied: The following Internet Information Services (IIS) role services must be installed before attempting to install this product: Static Content, Default Document, HTTP Errors, ASP.NET, .NET Extensibility, Internet Server API (ISAPI) Extensions, ISAPI Filters, HTTP Logging, Logging Tools, Tracing, Client Certificate Mapping Authentication, Windows Authentication, Request Filtering, Static Content Compression, Dynamic Content Compression, IIS Management Console, IIS Management Scripts and Tools

Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install an update for Windows Server 2012 R2. For details about the update, see Microsoft Knowledge Base article 2982006, “IIS crashes occasionally when a request is sent to a default document in Windows 8.1 or Windows Server 2012 R2” at http://go.microsoft.com/fwlink/?LinkId=519376

Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install Microsoft ASP.NET 4.5 by using the Add Roles and Features Wizard in Windows Server 2012 Server Manager. Install the ASP.NET 4.5 role service of the Web Server (IIS) role.

Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install Microsoft Windows Communication Foundation Activation by using the Add Roles and Features Wizard in Windows Server 2012 Server Manager. Install WCF Services and HTTP Activation, which are included with the Microsoft .NET Framework 4.5 feature.

http://go.microsoft.com/fwlink/?LinkId=519376

Powershell

$PSVersionTable

clip_image002

STEP 1 : Installing Prerequisites

Add-WindowsFeature NET-Framework-Core, RSAT-ADDS, Windows-Identity-Foundation, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Dir-Browsing, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Server-Media-Foundation, BITS, Desktop-Experience, Telnet-Client

https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/requirements-for-your-environment/server-requirements

Updated aug-2018

clip_image003

clip_image004

STEP 2: Installing CU5

Download and install CU5

https://www.microsoft.com/en-us/download/details.aspx?id=36820

clip_image005

clip_image006

After the restart we will apply the update of the databases which in my case is going to be the FQDN of the FE server since it’s standard version and not Backend server.

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn lyncfe01.adeo.local -Verbose

clip_image007

clip_image007[1]

Time to upgrade the Archiving/Monitoring databases.

To upgrade we’ll use the same command except change the FQDN of the SQL server to the SQL server where Monitoring and Archiving databases are at.

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn sql01.adeo.local -Verbose

clip_image008

clip_image009

clip_image010

Applying CMS upgrade

clip_image011

Install-CsDatabase -CentralmanagementDatabase -SqlServerFqdn Lyncfe01.adeo.local -SqlInstanceName rtc -verbose

clip_image012

clip_image013

Then run enable-cstopology

Last thing in the CU5 update is

%ProgramFiles%\Microsoft Lync Server 2013\Deployment\Bootstrapper.exe

clip_image014

clip_image015

https://support.microsoft.com/en-us/kb/2809243

Step 3 : Installing Windows OS hotfix.

KB2982006 Windows Server 2012 R2

Since the FE is on Windows Server 2012 R2 then we’ll need to download this link

https://onedrive.live.com/redir?resid=82488EABA4ACDB15!38654&authkey=!AE9IJKbMPtkge8U&ithint=file%2cexe

RESTART is Required

clip_image016

STEP 4 : Install SQL Service Pack 2 (Express) for your Lync Front end Standard Edition

First Download SQL Express SP2 setup

clip_image017

You can patch the server by opening a Lync Management Shell window and entering the following commands:

1- Stop-CsWindowsService
2- .\SQLEXPR_x64_ENU.exe /ACTION=Patch /allinstances /IAcceptSQLServerLicenseTerms

clip_image018

clip_image019

clip_image020

clip_image021

clip_image022

clip_image023

clip_image024

clip_image025

Step 5: SQL Server (Standard or Enterprise) for (Monitoring, Archiving)

https://support.microsoft.com/en-us/kb/321185

clip_image026

My SQL Server version is SP1 so I don’t need to upgrade it to SP2

clip_image027

Step 6- In-place Upgrade for Skype For Business

In order to do the in-place upgrade, we’ll need to use a machine that doesn’t have Lync 2013 to install the new Topology builder and do the upgrade process

On a different Machine that’s joined to the same domain, I will run the prerequisites script and restart the machine. then I’ll load the Skype for business ISO and install

clip_image028

D:\Setup\amd64\Setup.exe

clip_image029

clip_image030

clip_image031

clip_image032

We’ll now press on Installing Administrative tools

clip_image033

clip_image034

clip_image035

Now in order to continue we’ll have to open the topology builder in order to upgrade our Lync 2013 topology

I’ll open the topology builder and save the topology file somewhere

clip_image036

Once the topology is open, I’ll navigate to the Standard FE Servers and right click on my main server to upgrade

clip_image037

clip_image038

I’ll click on Upgrade to Skype for Business Server 2015…

clip_image039

As soon as you press Yes, the Frontend server that you selected will be moved under the Skype For Business Server 2015 tab as you can see below.

clip_image040

Since I have two FE servers (FE and SBS) I will be upgrading them both but not in the same time not not fall into any errors, so I will publish the topology and see what happens.

clip_image041

clip_image042

We’ll check what do we need to do now in order to upgrade the servers, here is what we’ll do.

Import existing normalization rules from the previous Skype for Business Server deployment. If you want to keep your existing normalization rules you will need to import them using the Import-CsCompanyPhoneNormalizationRules cmdlet. If you have separate normalization rules for each pool then you will need to run the command for each set.

To perform an in-place upgrade of your Skype for Business Server, you’ll need to do the following, in order:

(1) Stop the Skype for Business services on all of the servers that you are upgrading;
(2) Run Skype for Business Server setup (Setup.exe) on all of the servers you are upgrading;
(3) Start the Skype for Business services on all of the servers you upgraded. To start the services in a Front End pool, connect to one of the servers in the pool and run the Start-CsPool cmdlet. All the servers in the pool should be running Skype for Business Server before you use the Start-CsPool cmdlet. To start the services in all other pools (e.g. Edge pool, Mediation pool), run the Start-CsWindowsService cmdlet on every server in the pool;

Server FQDN: lyncfe01.adeo.local, Pool FQDN: lyncfe01.adeo.local

On Lync FE 01 I’ll stop all the services using Stop-cswindowsservice

clip_image043

Now on the same server I’ll load the Skype4B ISO and start the setup

D:\Setup\amd64\Setup.exe

clip_image029[1]

clip_image030[1]

clip_image031[1]

Started at 1:40pm

clip_image044

clip_image045

clip_image046

clip_image047

clip_image048

clip_image049

NOTE:

The required time for the upgrade process is estimated around 75-90 Minutes for each FE Server.

clip_image050

clip_image051

Starting ‘Verifying upgrade readiness…’

‘Verifying upgrade readiness…’ completed successfully

Starting ‘Installing missing prerequisites…’

‘Installing missing prerequisites…’ completed successfully

Starting ‘Uninstalling roles…’

‘Uninstalling roles…’ completed successfully

Starting ‘Detaching database…’

‘Detaching database…’ completed successfully

Starting ‘Uninstalling local management services…’

‘Uninstalling local management services…’ completed successfully

Starting ‘Installing and configuring core components…’

‘Installing and configuring core components…’ completed successfully

Starting ‘Installing administrative tools…’

‘Installing administrative tools…’ completed successfully

Starting ‘Installing local management services…’

‘Installing local management services…’ completed successfully

Starting ‘Attaching database…’

‘Attaching database…’ completed successfully

Starting ‘Upgrading database…’

‘Upgrading database…’ completed successfully

Starting ‘Enabling replica…’

‘Enabling replica…’ completed successfully

Starting ‘Installing roles…’

‘Installing roles…’ completed successfully

Starting ‘Verifying installation…’

‘Verifying installation…’ completed successfully

clip_image052

Upgrade the SBS (Survivable Branch Server) in the pool to Skype4B

clip_image053

clip_image054

Publish the topology

clip_image055

I’ll stop the service before I start the upgrade process.

clip_image056

I’ll load the ISO on the second server and start the upgrade.

D:\Setup\amd64\Setup.exe

clip_image029[2]

clip_image030[2]

clip_image031[2]

clip_image057

Apparently I forgot to update Lync to the latest CU

clip_image058

clip_image059

clip_image060

clip_image061

CREATE SKYPE FOR BUSINESS GROUPS

If you’re looking for an quick way to let all your users easily add all Skype for Business users to their list after migration from Lync 2010/2013/Skype4business to Office 365 Skype for Business then please follow these steps ..

In order to do so, you will have to have DirSync (Azure AD Sync) installed and functioning properly.

First step: Add a group to AD

On Local AD create a Universal Distribution group as following

Note:

The group must have an e-mail address entered in the Email field otherwise it won’t show up in Lync Client list when you search.

clip_image001

Go to Members tab and add all the users that you are planning to Enable on Skype4Business.

clip_image002

Apply and close the group.

Go to DirSync

Force the Sync

clip_image003

Make sure that group has been Synced.

clip_image004

In office 365. You can check If the group is there or not by simply navigating to the Groups tab on the left pane.

clip_image005

Now Open Lync 2013 or Skype 4 Business client and search for this group by email

clip_image006

Right click the group and click Add to contacts

As soon as you add the group, all the members will come beneath it right away.

clip_image007


LYNC 2013 TO SKYPE FOR BUSINESS IN-PLACE UPGRADE WITH MONITORING DATABASE

This article guides you through the steps of doing an in-place upgrade from Lync 2013 to Skype for business. I am copying the article as is from my lab with all the errors that I have been through to give you a real experience feed back of what is this like.

You might get issues that you have never expected, but resolving them is not that hard and if you have any issues please don’t hesitate to leave a comment and I will get back to help you.

Prerequisites

Extensible Chat Communication Over SIP protocol (XCCOS)

From <https://technet.microsoft.com/en-us/library/dn951390.aspx>

References:

https://technet.microsoft.com/en-us/library/dn951371.aspx?f=255&MSPPError=-2147217396

https://technet.microsoft.com/en-us/library/dn933900.aspx

Lync CU 5

https://www.microsoft.com/en-us/download/details.aspx?id=36820

Kb2533623 Windows Server 2008 R2

http://support.microsoft.com/kb/2533623

Kb2858668 Windows Server 2012

http://support.microsoft.com/kb/2858668

KB2982006 Windows Server 2012 R2

https://onedrive.live.com/redir?resid=82488EABA4ACDB15!38654&authkey=!AE9IJKbMPtkge8U&ithint=file%2cexe

SQL 2012 SP2 for Express version

https://www.microsoft.com/en-us/download/details.aspx?id=43351

clip_image001

First Issue:

Upon running the setup I have got the following error:

Prerequisite not satisfied: Internet Information Services (IIS) must be installed before attempting to install this product.

Prerequisite not satisfied: The following Internet Information Services (IIS) role services must be installed before attempting to install this product: Static Content, Default Document, HTTP Errors, ASP.NET, .NET Extensibility, Internet Server API (ISAPI) Extensions, ISAPI Filters, HTTP Logging, Logging Tools, Tracing, Client Certificate Mapping Authentication, Windows Authentication, Request Filtering, Static Content Compression, Dynamic Content Compression, IIS Management Console, IIS Management Scripts and Tools

Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install an update for Windows Server 2012 R2. For details about the update, see Microsoft Knowledge Base article 2982006, “IIS crashes occasionally when a request is sent to a default document in Windows 8.1 or Windows Server 2012 R2” at http://go.microsoft.com/fwlink/?LinkId=519376

Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install Microsoft ASP.NET 4.5 by using the Add Roles and Features Wizard in Windows Server 2012 Server Manager. Install the ASP.NET 4.5 role service of the Web Server (IIS) role.

Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install Microsoft Windows Communication Foundation Activation by using the Add Roles and Features Wizard in Windows Server 2012 Server Manager. Install WCF Services and HTTP Activation, which are included with the Microsoft .NET Framework 4.5 feature.

http://go.microsoft.com/fwlink/?LinkId=519376

Powershell

$PSVersionTable

clip_image002

I will re-run prerequisites to make sure that all are satisfied before running setup again.

STEP 1 : Installing Prerequisites for this In-Place Upgrade

Add-WindowsFeature NET-Framework-Core, RSAT-ADDS, Windows-Identity-Foundation, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Dir-Browsing, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Server-Media-Foundation, BITS, Desktop-Experience, Telnet-Client

https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/requirements-for-your-environment/server-requirements

Updated aug-2018

clip_image003

clip_image004

STEP 2: Installing CU5

Download and install CU5

https://www.microsoft.com/en-us/download/details.aspx?id=36820

clip_image005

clip_image006

After the restart we will apply the update of the databases which in my case is going to be the FQDN of the FE server since it’s standard version and not Backend server.

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn lyncfe01.adeo.local -Verbose

clip_image007

clip_image007[1]

Time to upgrade the Archiving/Monitoring databases.

To upgrade we’ll use the same command except change the FQDN of the SQL server to the SQL server where Monitoring and Archiving databases are at.

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn sql01.adeo.local -Verbose

clip_image008

clip_image009

clip_image010

Applying CMS upgrade

clip_image011

Install-CsDatabase -CentralmanagementDatabase -SqlServerFqdn Lyncfe01.adeo.local -SqlInstanceName rtc -verbose

clip_image012

clip_image013

Then run enable-cstopology

Last thing in the CU5 update is

%ProgramFiles%\Microsoft Lync Server 2013\Deployment\Bootstrapper.exe

clip_image014

clip_image015

https://support.microsoft.com/en-us/kb/2809243

Step 3 : Installing Windows OS hotfix.

KB2982006 Windows Server 2012 R2

Since the FE is on Windows Server 2012 R2 then we’ll need to download this link

https://onedrive.live.com/redir?resid=82488EABA4ACDB15!38654&authkey=!AE9IJKbMPtkge8U&ithint=file%2cexe

RESTART is Required

clip_image016

STEP 4 : Install SQL Service Pack 2 (Express) for your Lync Front end Standard Edition

First Download SQL Express SP2 setup

clip_image017

You can patch the server by opening a Lync Management Shell window and entering the following commands:

Stop-CsWindowsService

.\SQLEXPR_x64_ENU.exe /ACTION=Patch /allinstances /IAcceptSQLServerLicenseTerms

clip_image018

clip_image019

clip_image020

clip_image021

clip_image022

clip_image023

clip_image024

clip_image025

Step 5: SQL Server (Standard or Enterprise) for (Monitoring, Archiving)

https://support.microsoft.com/en-us/kb/321185

clip_image026

My SQL Server version is SP1 so I don’t need to upgrade it to SP2

clip_image027

Step 6- In-place Upgrade for Skype For Business

In order to do the in-place upgrade, we’ll need to use a machine that doesn’t have Lync 2013 to install the new Topology builder and do the upgrade process

On a different Machine that’s joined to the same domain, I will run the prerequisites script and restart the machine. then I’ll load the Skype for business ISO and install

clip_image028

D:\Setup\amd64\Setup.exe

clip_image029

clip_image030

clip_image031

clip_image032

We’ll now press on Installing Administrative tools

clip_image033

clip_image034

clip_image035

Now in order to continue we’ll have to open the topology builder in order to upgrade our Lync 2013 topology

I’ll open the topology builder and save the topology file somewhere

clip_image036

Once the topology is open, I’ll navigate to the Standard FE Servers and right click on my main server to upgrade

clip_image037

clip_image038

I’ll click on Upgrade to Skype for Business Server 2015…

clip_image039

As soon as you press Yes, the Frontend server that you selected will be moved under the Skype For Business Server 2015 tab as you can see below.

clip_image040

Since I have two FE servers (FE and SBS) I will be upgrading them both but not in the same time not not fall into any errors, so I will publish the topology and see what happens.

clip_image041

clip_image042

We’ll check what do we need to do now in order to upgrade the servers, here is what we’ll do.

Import existing normalization rules from the previous Skype for Business Server deployment. If you want to keep your existing normalization rules you will need to import them using the Import-CsCompanyPhoneNormalizationRules cmdlet. If you have separate normalization rules for each pool then you will need to run the command for each set.

To perform an in-place upgrade of your Skype for Business Server, you’ll need to do the following, in order:

(1) Stop the Skype for Business services on all of the servers that you are upgrading;

(2) Run Skype for Business Server setup (Setup.exe) on all of the servers you are upgrading;

(3) Start the Skype for Business services on all of the servers you upgraded. To start the services in a Front End pool, connect to one of the servers in the pool and run the Start-CsPool cmdlet. All the servers in the pool should be running Skype for Business Server before you use the Start-CsPool cmdlet. To start the services in all other pools (e.g. Edge pool, Mediation pool), run the Start-CsWindowsService cmdlet on every server in the pool;

Server FQDN: lyncfe01.adeo.local, Pool FQDN: lyncfe01.adeo.local

On Lync FE 01 I’ll stop all the services using Stop-cswindowsservice

clip_image043

Now on the same server I’ll load the Skype4B ISO and start the setup

D:\Setup\amd64\Setup.exe

clip_image029[1]

clip_image030[1]

clip_image031[1]

Started at 1:40pm

clip_image044

clip_image045

clip_image046

clip_image047

clip_image048

clip_image049

NOTE:

The required time for the upgrade process is estimated around 75-90 Minutes for each FE Server.

clip_image050

clip_image051

Starting ‘Verifying upgrade readiness…’

‘Verifying upgrade readiness…’ completed successfully

Starting ‘Installing missing prerequisites…’

‘Installing missing prerequisites…’ completed successfully

Starting ‘Uninstalling roles…’

‘Uninstalling roles…’ completed successfully

Starting ‘Detaching database…’

‘Detaching database…’ completed successfully

Starting ‘Uninstalling local management services…’

‘Uninstalling local management services…’ completed successfully

Starting ‘Installing and configuring core components…’

‘Installing and configuring core components…’ completed successfully

Starting ‘Installing administrative tools…’

‘Installing administrative tools…’ completed successfully

Starting ‘Installing local management services…’

‘Installing local management services…’ completed successfully

Starting ‘Attaching database…’

‘Attaching database…’ completed successfully

Starting ‘Upgrading database…’

‘Upgrading database…’ completed successfully

Starting ‘Enabling replica…’

‘Enabling replica…’ completed successfully

Starting ‘Installing roles…’

‘Installing roles…’ completed successfully

Starting ‘Verifying installation…’

‘Verifying installation…’ completed successfully

clip_image052

Upgrade the SBS (Survivable Branch Server) in the pool to Skype4B

clip_image053

clip_image054

Publish the topology

clip_image055

I’ll stop the service before I start the upgrade process.

clip_image056

I’ll load the ISO on the second server and start the upgrade.

D:\Setup\amd64\Setup.exe

clip_image029[2]

clip_image030[2]

clip_image031[2]

clip_image057

Apparently I forgot to update Lync to the latest CU

clip_image058

clip_image059

clip_image060

Web Conferencing Server connection failed to Establish on Edge server

Web Conferencing Server connection failed to Establish on Edge server 


In an environment of a domain with a backup DC you might face a problem with Lync Edge deployment.

After the step where you have to add the CA authority certificate to your Trusted CA store in Edge Server you might notice 

some errors with Edge server trusting the connection from Front end or vice versa.

The problem will happen if there’s two CA certificates in the Trusted CA store and you only have imported one of them.

Looking at the Front End server Certificate store which is joined to the Domain. We still need to dig more to make sure the certificate chain is fully installed.

Errors might be generated by the same symptom are:

Web Conferencing Server connection failed to establish.

Over the past 1 minutes Lync Server has experienced incoming TLS connection failures 1 time(s). The error code of the last

Failure is 0x80090325 (The certificate chain was issued by an authority that is not trusted. ) and the last connection was from the host “”.

Cause:

This can occur in case the box is not properly configured for TLS communications with remote Web Conferencing Server.

Resolution:

Check your topology configuration to ensure that both this host and remote Web Conferencing Server can validate each other TLS certificates and are otherwise trusted for communications.

The XMPP Translating Gateway Proxy has no connections to any XMPP gateways.

Cause: Connectivity issue.

Resolution:

Check that a configured gateway is running.

TLS outgoing connection failures.

Over the past 1 minutes, Lync Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80090325 (The certificate chain was issued by an authority that is not trusted.) while trying to connect to

the server “EGELYNCFE.domain.local” at address [192.168.16.45:5061], and the display name in the peer certificate is “Unavailable”.

Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer 

server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect.

The root certificate is not trusted error means the peer certificate was issued by a remote CA that is not trusted by the local machine.

Resolution:

Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN 

somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses 

returned by DNS refer to a server in the same pool. For un-trusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.

Resolution:

To Resolve this problem, make sure that you export both CA from Front End and import them in to Edge’s Trusted root 

CA Local store.